net.handle.hdllib

Class SecureResolver

java.lang.Object

net.handle.hdllib.SecureResolver

public class SecureResolver
extends java.lang.Object

Class that resolves handles while verifying digital signatures on those values. This provides a higher level of security because handle values can be signed by private keys that are kept offline instead of on a handle server. This also allows the verification of keys based on third party signatures from key pairs that are referenced outside of the handle system and not dependent on any "root" keys associated with the handle system or any particular namespace.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
class	SecureResolver.HDLSignature

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	DEFAULT_ALGORITHM
boolean	ignoreInvalidSignatures
boolean	ignoreUnsignedValues
static byte[]	METADATA_TYPE
boolean	reportMissingValues
static java.lang.String	SIG_ALG_TAGNAME
static java.lang.String	SIG_HANDLE_ATTRIBUTE
static java.lang.String	SIG_TAGNAME
static byte[]	SIGNATURE_TYPE
static java.lang.String	SIGNED_INDEX_TAGNAME
static java.lang.String	SIGNER_HANDLE_ATTRIBUTE
static java.lang.String	SIGNER_INDEX_ATTRIBUTE
boolean	traceMessages
static int	VALUE_DIGEST_OFFSET
static java.lang.String	VALUE_HASH_ELEMENT_NAME
static java.lang.String	VALUE_INDEX_ATTRIBUTE
static java.lang.String	VALUE_MD5HASH_ATTRIBUTE
static java.lang.String	VALUE_SHA1HASH_ATTRIBUTE

Constructor Summary

Constructors

Constructor and Description
SecureResolver() Construct a SecureResolver using a new instance of the default HandleResolver to process resolution requests.
SecureResolver(HandleResolver resolver) Construct a SecureResolver using the given HandleResolver to process resolution requests.

Method Summary

Methods

Modifier and Type	Method and Description
static java.lang.String	createDigestOfValues(java.lang.String handle, HandleValue[] values) Generate an XML string containing the metadata (including digests) for the given set of handle values
java.security.PublicKey	getTrustedKey(ValueReference valRef)
static void	main(java.lang.String[] argv)
void	printState()
HandleValue[]	resolveHandle(byte[] handle, byte[][] types, int[] indexes) Resolve the given handle retrieving only the given types and indexes, if any.
HandleValue[]	resolveHandle(ResolutionRequest req) Process the given ResolutionRequest while verifying that any values returned are signed according to the policy of this object.
HandleValue[]	secureHandleValues(byte[] handle, HandleValue[] values)
HandleValue[]	secureHandleValues(byte[] handle, HandleValue[] aValues, java.util.Map<ValueReference,java.security.PublicKey> keys)
void	setRootKeysAsTrusted()
void	setTrustedKeys(java.util.Map<ValueReference,java.security.PublicKey> keyIDsMap) Specify the set of identities that are trusted to verify handle values.
void	setTrustNamespaceKeys(boolean trustThem) Sets whether or not the resolver should trust keys that are provided by higher level namespaces (ie contained in naming authority handles).
java.util.List<SecureResolver.HDLSignature>	signaturesFromValue(java.lang.String handle, HandleValue sigValue, HandleValue[] allValues)
java.util.List<SecureResolver.HDLSignature>	signaturesFromValues(java.lang.String handle, HandleValue[] allValues)
static java.lang.String	signValue(java.lang.String signerHDL, int signerIndex, java.security.PrivateKey privKey, java.lang.String signedHDL, HandleValue valueToBeSigned) Sign some handle value data (usually a table of handle value digests) with the given signer's public key.
static boolean	valueNeedsSignature(HandleValue value)
HandleValue[]	verifyValuesByMajority(byte[] handle, HandleValue[] aValues) Verify the given handle values and return only those which have been signed by a majority of the public keys in the given key map.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SIGNED_INDEX_TAGNAME

public static final java.lang.String SIGNED_INDEX_TAGNAME

See Also:

Constant Field Values

SIG_ALG_TAGNAME

public static final java.lang.String SIG_ALG_TAGNAME

See Also:

Constant Field Values

SIG_TAGNAME

public static final java.lang.String SIG_TAGNAME

See Also:

Constant Field Values

DEFAULT_ALGORITHM

public static final java.lang.String DEFAULT_ALGORITHM

See Also:

Constant Field Values

VALUE_HASH_ELEMENT_NAME

public static final java.lang.String VALUE_HASH_ELEMENT_NAME

See Also:

Constant Field Values

VALUE_INDEX_ATTRIBUTE

public static final java.lang.String VALUE_INDEX_ATTRIBUTE

See Also:

Constant Field Values

SIG_HANDLE_ATTRIBUTE

public static final java.lang.String SIG_HANDLE_ATTRIBUTE

See Also:

Constant Field Values

SIGNER_HANDLE_ATTRIBUTE

public static final java.lang.String SIGNER_HANDLE_ATTRIBUTE

See Also:

Constant Field Values

SIGNER_INDEX_ATTRIBUTE

public static final java.lang.String SIGNER_INDEX_ATTRIBUTE

See Also:

Constant Field Values

VALUE_MD5HASH_ATTRIBUTE

public static final java.lang.String VALUE_MD5HASH_ATTRIBUTE

See Also:

Constant Field Values

VALUE_SHA1HASH_ATTRIBUTE

public static final java.lang.String VALUE_SHA1HASH_ATTRIBUTE

See Also:

Constant Field Values

VALUE_DIGEST_OFFSET

public static final int VALUE_DIGEST_OFFSET

See Also:

Constant Field Values

METADATA_TYPE

public static final byte[] METADATA_TYPE

SIGNATURE_TYPE

public static final byte[] SIGNATURE_TYPE

ignoreUnsignedValues

public boolean ignoreUnsignedValues

reportMissingValues

public boolean reportMissingValues

ignoreInvalidSignatures

public boolean ignoreInvalidSignatures

traceMessages

public boolean traceMessages

Constructor Detail

SecureResolver

public SecureResolver()

Construct a SecureResolver using a new instance of the default HandleResolver to process resolution requests.

SecureResolver

public SecureResolver(HandleResolver resolver)

Construct a SecureResolver using the given HandleResolver to process resolution requests.

Method Detail

printState

public void printState()

setRootKeysAsTrusted

public void setRootKeysAsTrusted()

setTrustedKeys

public void setTrustedKeys(java.util.Map<ValueReference,java.security.PublicKey> keyIDsMap)

Specify the set of identities that are trusted to verify handle values. The given map will include the trusted identifiers as the keys and their associated public keys as the values.

getTrustedKey

public java.security.PublicKey getTrustedKey(ValueReference valRef)

setTrustNamespaceKeys

public void setTrustNamespaceKeys(boolean trustThem)

Sets whether or not the resolver should trust keys that are provided by higher level namespaces (ie contained in naming authority handles). These higher level namespaces must themselves be signed by the root namespace keys. Any levels of indirection that might occur can also be accompanied by another level of keys to which trust of the sub-namespace can be delegated.

resolveHandle

public HandleValue[] resolveHandle(byte[] handle,
                          byte[][] types,
                          int[] indexes)
                            throws HandleException

Resolve the given handle retrieving only the given types and indexes, if any. This will verify that any values returned are signed according to the policy of this object.

Throws:

HandleException

resolveHandle

public HandleValue[] resolveHandle(ResolutionRequest req)
                            throws HandleException

Process the given ResolutionRequest while verifying that any values returned are signed according to the policy of this object.

Throws:

HandleException

secureHandleValues

public HandleValue[] secureHandleValues(byte[] handle,
                               HandleValue[] values)
                                 throws java.lang.Exception

Throws:

java.lang.Exception

secureHandleValues

public HandleValue[] secureHandleValues(byte[] handle,
                               HandleValue[] aValues,
                               java.util.Map<ValueReference,java.security.PublicKey> keys)
                                 throws java.lang.Exception

Throws:

java.lang.Exception

signaturesFromValue

public java.util.List<SecureResolver.HDLSignature> signaturesFromValue(java.lang.String handle,
                                                              HandleValue sigValue,
                                                              HandleValue[] allValues)
                                                                throws java.lang.Exception

Throws:

java.lang.Exception

signaturesFromValues

public java.util.List<SecureResolver.HDLSignature> signaturesFromValues(java.lang.String handle,
                                                               HandleValue[] allValues)
                                                                 throws java.lang.Exception

Throws:

java.lang.Exception

createDigestOfValues

public static final java.lang.String createDigestOfValues(java.lang.String handle,
                                    HandleValue[] values)
                                                   throws HandleException,
                                                          java.security.NoSuchAlgorithmException

Generate an XML string containing the metadata (including digests) for the given set of handle values

Throws:

HandleException

java.security.NoSuchAlgorithmException

signValue

public static final java.lang.String signValue(java.lang.String signerHDL,
                         int signerIndex,
                         java.security.PrivateKey privKey,
                         java.lang.String signedHDL,
                         HandleValue valueToBeSigned)
                                        throws HandleException,
                                               java.security.NoSuchAlgorithmException,
                                               java.security.SignatureException,
                                               java.security.InvalidKeyException

Sign some handle value data (usually a table of handle value digests) with the given signer's public key.

Throws:

HandleException

java.security.NoSuchAlgorithmException

java.security.SignatureException

java.security.InvalidKeyException

main

public static void main(java.lang.String[] argv)
                 throws java.lang.Exception

Throws:

java.lang.Exception

verifyValuesByMajority

public HandleValue[] verifyValuesByMajority(byte[] handle,
                                   HandleValue[] aValues)
                                     throws java.lang.Exception

Verify the given handle values and return only those which have been signed by a majority of the public keys in the given key map. The key map should contain the set of public keys from the previously trusted handle values. This should be used to verify the validity of

Throws:

java.lang.Exception

valueNeedsSignature

public static boolean valueNeedsSignature(HandleValue value)